Descrição
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2024-5280
Tags
Nâo informado
Data de publicação
13/07/2024
Última atualização
08/12/2024
Pontuação em CVSS 3.0
4.7
Médio